Qes
CVE-2020-2505
LOW
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.
AnalysisAI
If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-209. If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. Affected products include: Qnap Qes.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. Rated
A hard-coded password vulnerability has been reported to affect earlier versions of QES. Rated high severity (CVSS 7.2),
If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in Fi
Same weakness CWE-209 – Error Message Information Leak
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today